Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error

[Cedric VIVES <cvives@xxxxxxxxxxxxxxxx>]

Hi,

My client mail add the slash for the italic...my corrections beside :

Le 23/04/2018 à 14:27, Stefan May a écrit :
> On 04/20/2018 10:37 AM, Cedric VIVES wrote:
> > Hi,
> >
> > I have installed a LoRa Server with the following services :
> > - MQTT Broker (*1.4.15*-0mosquitto1~xenial1)
> > - LoRa-Server
> > - LoRa-App-Server
> >
> > On the other side, A raspberry Pi (with raspbian) send data with the 
> > LoRa-Gateway-Bridge.
> >
> > When the connection is unencrypted (tcp://@server on the 
> > LoRa-Gateway-Bridge.toml), it works !
> >
> > However, in ssl :
> >
> > The client is connected :
> >
> > /1524211792: New connection from xxx.xxx.xxx.xxx on port 8883.//
> > //1524211792: New client connected from xxx.xxx.xxx.xxx as 
> > 96240ae6-28cb-446c-8dd2-0d2d9f045487 (c1, k30)./
> >
> > But it the server doesn't receive anything because :
> >
> > /mosquitto_sub -h FQDN_OF_MY_SERVER -p 8883 -t "#"  --cafile 
> > /etc/lora-app-server/certs/CAcert.crt/
>
> Did you recognize the slash (/) after the certificate?

The command used is :
mosquitto_sub -h FQDN_OF_MY_SERVER -p 8883 -t "#"  --cafile 
/etc/lora-app-server/certs/DigiCertCA.crt

=> Unable to connect (A TLS error occurred.)
> > /*=> Unable to connect (A TLS error occurred.)*/
> >
> > The mosquitto logs shows :
> >
> > /*1524212646: OpenSSL Error: error:14094418:SSL 
> > routines:ssl3_read_bytes:tlsv1 alert unknown ca*//*
> > *//*1524212646: OpenSSL Error: error:140940E5:SSL 
> > routines:ssl3_read_bytes:ssl handshake failure*/
> >
> > For information, it is an official certificate with CN = name of the 
> > FQDN of the server.
> > When i check it by openssl :
> >
> > /openssl s_client -connect //FQDN_OF_MY_SERVER//:8883 -CAfile 
> > /etc/lora-gateway-bridge/certs/CECert.crt/
>
> Same here and here it is called CECert.crt with an E?
I made a mistake in the mail but no in my config, it is :
openssl s_client -connect FQDN_OF_MY_SERVER:8883 -CAfile 
/etc/lora-gateway-bridge/certs/DigiCertCA.crt
> > */=> Verify return code: 0 (ok)/*
> >
> > I have seen in the archive that the same problem occured with older 
> > versions but not resolved...have you any advices to fix this issue ?
> >
> > Thanks.
> >
> > Regards,
> > Cédric
> >
> > --
> > Cédric VIVES
> > Pôle Infrastructures Informatiques et Télécommunication
> > Centre de Services Numériques
> > Tél. : +33 (0)5 61 55 93 72
> > cedric.vives@xxxxxxxxxxxxxxxx
> > INSA Toulouse
> > 135 avenue de Rangueil
> > 31077 Toulouse CEDEX 04
> > France
> > www.insa-toulouse.fr
> >
> >
> >
> > _______________________________________________
> > mosquitto-dev mailing list
> > mosquitto-dev@xxxxxxxxxxx
> > To change your delivery options, retrieve your password, or 
> > unsubscribe from this list, visit
> > https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

--
Cédric VIVES
Pôle Infrastructures Informatiques et Télécommunication
Centre de Services Numériques
Tél. : +33 (0)5 61 55 93 72
cedric.vives@xxxxxxxxxxxxxxxx
INSA Toulouse
135 avenue de Rangueil
31077 Toulouse CEDEX 04
France
www.insa-toulouse.fr